From: Alexander Potapenko
Date: Thu, 27 Feb 2020 12:57:17 +0100
Subject: Re: KMSAN: uninit-value in simple_attr_read
To: syzbot, Greg Kroah-Hartman, "Rafael J. Wysocki"
Cc: linux-fsdevel@vger.kernel.org, LKML, syzkaller-bugs, Al Viro
In-Reply-To: <0000000000007b25c1059f8b5a4f@google.com>

On Thu, Feb 27, 2020 at 10:29 AM syzbot wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    8bbbc5cf kmsan: don't compile memmove
> git tree:       https://github.com/google/kmsan.git master
> console output: https://syzkaller.appspot.com/x/log.txt?x=14394265e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=cd0e9a6b0e555cc3
> dashboard link: https://syzkaller.appspot.com/bug?extid=fcab69d1ada3e8d6f06b
> compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1338127ee00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=161403ede00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+fcab69d1ada3e8d6f06b@syzkaller.appspotmail.com

This report says it's uninit in strlen, but there's actually an
information leak later on that lets the user read arbitrary data past
the non-terminated attr->get_buf.
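
A user-space model of the point made in the reply above, added here as an example; it is not code from the kernel or from the message. The buffer size, the slab layout and all function names are assumptions made for illustration: a length taken with strlen() from a buffer that lacks a terminator extends into the neighbouring bytes, while a length capped at the buffer size does not.

```c
#include <stdio.h>
#include <string.h>

#define GET_BUF_SIZE 24   /* assumed buffer size, not taken from the message */
#define SLAB_SIZE    40   /* get_buf plus adjacent data, modelled as one object */

/* strlen() semantics: scans until the first NUL, wherever that happens to be. */
static size_t len_unbounded(const char *buf)
{
    return strlen(buf);
}

/* Scan capped at the buffer size: a missing NUL yields at most cap bytes. */
static size_t len_bounded(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : cap;
}

/* Constructed sample: get_buf full with no terminator, then neighbouring data. */
static void make_slab(char slab[SLAB_SIZE])
{
    memset(slab, 'A', GET_BUF_SIZE);
    memcpy(slab + GET_BUF_SIZE, "SECRET-KEY-0123", 16);  /* 15 chars + NUL */
}

/* Bytes from beyond get_buf that a read of "size" bytes hands to the caller. */
static size_t leaked_bytes(int bounded)
{
    char slab[SLAB_SIZE], out[SLAB_SIZE];
    size_t size;

    make_slab(slab);
    size = bounded ? len_bounded(slab, GET_BUF_SIZE) : len_unbounded(slab);
    if (size > sizeof(out))
        size = sizeof(out);
    memcpy(out, slab, size);          /* stands in for the copy to user space */
    return size > GET_BUF_SIZE ? size - GET_BUF_SIZE : 0;
}

int main(void)
{
    printf("unbounded length leaks %zu bytes\n", leaked_bytes(0));
    printf("bounded length leaks   %zu bytes\n", leaked_bytes(1));
    return 0;
}
```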